簡易檢索 / 詳目顯示
| 研究生: |
劉哲豪 Che-Hao Liu |
|---|---|
| 論文名稱: |
SMACK-based application whitelisting on AGL SMACK-based application whitelisting on AGL |
| 指導教授: |
許富皓
Fu-Hau Hsu |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
資訊電機學院 - 資訊工程學系 Department of Computer Science & Information Engineering |
| 論文出版年: | 2020 |
| 畢業學年度: | 108 |
| 語文別: | 中文 |
| 論文頁數: | 49 |
| 中文關鍵詞: | 白名單 、資訊安全 |
| 外文關鍵詞: | whitelisting, security |
| 相關次數: | 點閱:7 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
隨著科技的日新月異,車用電腦也發展得越來越完全。而近幾年自駕車、車用資訊娛樂系統也變得越來越成熟,許多產品也實際的被應用在真實世界裡。也因此車用資訊娛樂系統的安全性便受到了重視。而Automotive Grade Linux (AGL)是Linux Foundation的開源專案項目之一,此一開源專案主要目的在於提供一個可供各大車廠使用的車用資訊娛樂系統。由於AGL可以直接存取車上的ECU,因此若是遭到惡意攻擊者的攻擊,則攻擊者便可能得到整台車的控制權,進而影響駕駛人的生命安全。
本篇論文將透過Linux security module — SMACK 搭配Access Control List (ACL),對AGL上的程式進行權限控管,進而實做出應用程式白名單機制,此機制能夠在不更動原有AGL的系統架構及不影響AGL原有系統程式的執行狀況下,有效地加強AGL的安全防護。
為了證明此機制的可行性,我們實際應用在AGL的系統上,並透過遠端攻擊的方式測試是否能夠攻擊成功。實驗結果顯示這樣的機制確實能夠有效的防止惡意攻擊者的遠端攻擊。
In recent years, self-driving and in-vehicle systems have become more and more mature, and many products have actually been applied in the real world. Therefore, the security of the in-vehicle system has received attention. Automotive Grade Linux (AGL) is one of the Linux Foundation's open source project. The main purpose of this open source project is to provide a car infotainment system that can be used by major car manufacturers. Since AGL can directly access the Electronic Control Unit (ECU), if it is attacked by a malicious attacker, the attacker may gain control of the entire car, thereby affecting the life of the driver.
This paper will use Linux security module – SMACK and Access Control List (ACL) to control the access permission of program on AGL, and then implement the application whitelist mechanism. This mechanism could enhance the security on AGL, and it would not change the original AGL system architecture.
In order to prove the feasibility of this mechanism, we apply it to the real AGL system and test whether it can be successfully attacked by remote attacker. Experimental results show that such a mechanism can effectively prevent remote attacks by malicious attackers.
[1] S. N. Y. D. Ling Liu, "FREE-FALL: HACKING TESLA FROM WIRELESS TO CAN BUS," in Black Hat, USA, 2017.
[2] “About Automotive Grade Linux,” [線上]. Available: https://www.automotivelinux.org/.
[3] C. Schaufler, “Smack in Embedded Computing,” OLS, pp. 179-186, 2008.
[4] “The Linux kernel,” [線上]. Available: https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/Smack.html.
[5] “Access-control list - WIKI,” [線上]. Available: https://en.wikipedia.org/wiki/Access-control_list.
[6] J. Turla, “Car Infotainment Hacking Methodology and Attack Surface Scenarios,” 於 HITCON, 2018.
[7] “AGL-WIKI,” [線上]. Available: https://wiki.automotivelinux.org/agl-distro/release-notes#grumpy_guppy.
[8] “AGL Grumpy Guppy 7.0.4 Image,” [線上]. Available: https://download.automotivelinux.org/AGL/release/guppy/7.0.4/raspberrypi3/deploy/images/raspberrypi3/.
[9] “Raspberrypi,” [線上]. Available: https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/.
[10] “IMA/EVM WIKI,” [線上]. Available: https://sourceforge.net/p/linux-ima/wiki/Home/.
